Hi all,

1) I am using LDAP for authenticating. I would like my users to be divided into groups with different access rights.

   level1 - can access any site
   level2 - can access any site not in blacklist
   level3 - can access intranet sites only

2) I configured squid to authenticate to LDAP.

   auth_param basic program /usr/lib/squid/squid_ldap_auth ...
   auth_param basic children 10
   auth_param basic realm Squid proxy-caching web server
   auth_param basic credentialsttl 2 hours

3) I inserted a new attribute into LDAP called internetClass, which can have "level1", "level2" or "level3" as content.

4) Is there a way to create ACLs that can control the rights for each group of users as described in 1)?

5) Now I am using a script that prepares three files, one for each group of users, and one ACL for each group, like:

   acl LEVEL1 proxy_auth_regex -i "/etc/squid/user/level1"
   acl LEVEL2 proxy_auth_regex -i "/etc/squid/user/level2"
   acl LEVEL3 proxy_auth_regex -i "/etc/squid/user/level3"

   The script runs under cron and issues a -k reconfigure at the end.

6) Just for information, other rules are:

   acl BLACKLIST urlpath_regex -i "/etc/squid/block/blacklist"
   acl INTRANET urlpath_regex -i "/etc/squid/block/intranet"
   ...

   and:

   http_access allow LEVEL1
   http_access allow LEVEL2 !BLACKLIST
   http_access allow LEVEL3 INTRANET
   http_access deny all

Thanks!

--
Bye,
Fernando Maciel Souto Maior
[EMAIL PROTECTED]
http://www.araujo.com.br
+55+31 3270-5886
